1. Field of the Invention
The present invention is directed to a telecommunications access-control system. More particularly, the present invention is concerned with an access-control device and method for providing a password protected interface between a serving system (as for example Private Branch Exchange, Voice-Mail and Cellular systems) and a plurality of access codes resident in a user's memory device.
2. Description of the Related Art
Public and private communication networks use switching systems, referred to as Central Office and Private Branch Switching (PBX) systems, for interconnecting the calling parties with the called parties. Typically, a calling party is connected to a switching system which responds to dialing instructions generated by the calling party to selectively interconnect the calling party with the called parties identified by the dialing instructions.
Switching systems are interconnected by communication networks. In this way a customer, who is connected to calling parties of a switching system, can access other switching systems over the communication network.
Currently, in order to provide telephone users with easy access to long-distance services, the majority of PBX systems are configured such that many of the PBX's telephones are assigned classes of service which provide high calling privileges; the user just dials the required number.
However, since advances in computer technology have made electronic information networks a highly efficient tool for the business and private sectors, the problem of unauthorized access to the network has become more and more significant. Assigning high calling privileges to the telephones leaves them vulnerable to various forms of unauthorized use, both internal and external, since under this configuration anyone can use the telephone and the caller cannot be identified.
Most PBXs have the ability to employ "authorization codes", each authorization code with its own calling privileges. By issuing individual authorization codes, each with its appropriate access privilege, the telephones can be assigned a more secure toll denial class of service, and users making toll calls must, prior to dialing the telephone number, use their authorization code, which temporarily overrides the telephone's assigned class of service.
The authorization code used to make the call can be included in the call record which allows the call to be correlated to the person placing the call.
Nevertheless, even where authorization codes are used, they are usually kept short (4-6 digits), making it easier for the user to enter the codes, but less secure. To be effective, the codes should be longer (8 or more digits), since the longer the codes are, the better the protection obtained.
In addition, the current method does not prevent the unauthorized use of another person's authorization code.
Similar problems are encountered by the users of voice-mail and multimedia systems. Voice-mail and multimedia systems assign mailboxes to individuals, as well as to system functions. Each mailbox has a number and a password. To access the contents of the mailbox, a user must first enter the mailbox number followed by the associated password.
As in the case of the PBX authorization codes, to facilitate user access to the mailbox, the mailbox passwords are kept short. This approach makes it easier for the user but jeopardizes the security of the mail system and its contents.
Currently, to access a voice mailbox, the user must dial the voice-mail telephone number (usually 4 digits) followed by the mailbox number (4 or more digits) followed by the mailbox password (4-16 digits). The use of this sequence of 12 to 24 digits discourages the use of longer mailbox passwords which, in turn, produces a relatively insecure voice-mail system.
Also, as in the case of the authorization codes, this method does not prevent the unauthorized use of another person's mailbox password.
In the case of the current generation of cellular telephones, a Mobile Identification Number (MIN) is transmitted to the cellular carrier at the beginning of each call. The MIN is stored in a resident nonvolatile memory and identifies the user to the cellular network for billing purposes.
However, this approach has some drawbacks. Anyone who has access to the device can place calls and the costs will be applied to the owner of the device. If the device is lost or stolen, it can be used to place calls. As well, a MIN can be easily copied and used in clones of the device. This makes for a very insecure system.
Also, cellular phones that connect to PBX facilities such as long-distance circuits, Direct Inward System Access (DISA), voice-mail or multimedia mailboxes will be confronted with the same access-control problems described earlier for the PBX and voice-mail systems.
Although there are currently some memory-card based telecommunications systems that can be used to store access codes, such as that disclosed in U.S. Pat. No. 4,759,056 to Akiyama, such a system does not provide the user with local (terminal level) password protected access to the contents of the card. Once the card is inserted into the card reader, its contents are automatically forwarded, without user password validation. The Akiyama system is convenient but certainly not secure enough for its application.
Another memory-card based system is disclosed in Application for Canadian Patent 2,016,935 to Sato which teaches storing telephone numbers and IDs in a "smart card". However, with this system, when the card is inserted into the card reader the card's speech charge and/or ID is automatically displayed or uttered without user password validation. The system has the convenience of storing telephone numbers and user ID but it does not have the capability to provide secure password access to the contents of the memory device.